New cybersecurity threat discovered in the EA Games – Origin Platform

Nettitude discover a critical vulnerability that compromises the security of user devices.

Nettitude announced we have identified a vulnerability affecting the Electronic Arts Origin Windows client. This discovery is a major find for Nettitude as we strive to continually enhance and maintain the security of our clients and the digital world we live in.

“EA Origin is used by millions of gamers around the world” says Chris Oakley, VP of Technical Services for the Americas at Nettitude. “This vulnerability allows threat actors to deploy malware to e.g. compromise banking and payment data, deploy ransomware, and more.”

Nettitude have found that Electronic Arts Origin Windows client has a vulnerability in the way it handles one of its software libraries. It also runs with excessive service permissions.

This combination of flaws allows an attacker to exploit a machine running the Origin Windows client by moving locally from a low privilege user to a user with the highest privileges. Subsequently, an attacker could easily deploy malware locally and even move laterally to other machines in the network for wider compromise.

A full technical analysis for this vulnerability can be found here. That article explains how we identified and exploited the vulnerability. It also provides guidance to developers on avoiding the same class of vulnerability. The vulnerability was discovered by Tom Wilson (@uint_ptr).

Electronic Arts were receptive to our report and, following communications with us, have recently produced an effective patch. As of the latest version, this local privilege escalation vulnerability in Electronic Arts Origin Windows client has been fixed. This vulnerability has been assigned CVE-2020-27708.